1st Edition

Unauthorized Access The Crisis in Online Privacy and Security

By Robert Sloan, Richard Warner Copyright 2014
    398 Pages 29 B/W Illustrations
    by CRC Press

    Going beyond current books on privacy and security, Unauthorized Access: The Crisis in Online Privacy and Security proposes specific solutions to public policy issues pertaining to online privacy and security. Requiring no technical or legal expertise, the book explains complicated concepts in clear, straightforward language.

    The authors—two renowned experts on computer security and law—explore the well-established connection between social norms, privacy, security, and technological structure. This approach is the key to understanding information security and informational privacy, providing a practical framework to address ethical and legal issues. The authors also discuss how rapid technological developments have created novel situations that lack relevant norms and present ways to develop these norms for protecting informational privacy and ensuring sufficient information security.

    Bridging the gap among computer scientists, economists, lawyers, and public policy makers, this book provides technically and legally sound public policy guidance about online privacy and security. It emphasizes the need to make trade-offs among the complex concerns that arise in the context of online privacy and security.

    Introduction
    Introduction
    The Good, the Bad, and the In Between
    Making Trade-offs
    Values
    Politics
    Today and Tomorrow: Web 1.0, 2.0, 3.0
    A Look Ahead

    An Explanation of the Internet, Computers, and Data Mining
    Introduction
    Primer on the Internet
    Primer on Computers
    Primer on Data, Databases, and Data Mining

    Norms and Markets
    Introduction
    Norms Defined
    Coordination Norms
    Value Optimal Norms
    Norms and Markets
    Norms and Game Theory

    Informational Privacy: The General Theory
    Introduction
    Personally Identifiable: A Distinction without (Much of) a Difference
    The Requirement of Free and Informed Consent
    Problems with Notice and Choice
    Informational Norms
    Ensuring Free and Informed Consent
    The Ideal of Norm Completeness

    Informational Privacy: Norms and Value Optimality
    Introduction
    Direct Marketing: Retailers as Information Brokers
    Information Aggregators
    The Health Insurance Industry
    More Examples
    Collaborate or Resist?

    Software Vulnerabilities and the Low-Priced Software Norm
    Introduction
    What Buyers Demand
    Strict Liability
    Negligence
    Product Liability for Defective Design
    The Statutory Alternative
    We Are Trapped and Only Legal Regulation Will Release Us
    Three Examples of Value Optimal Product-Risk Norms
    The Low-Priced Software Norm
    We Need to Create a Value Optimal Norm—but What Should It Be?

    Software Vulnerabilities: Creating Best Practices
    Introduction
    Best Practices Defined
    Best Practices for Software Development
    Creating the Best Practices Software Norm
    Norm Creation in Real Markets
    Unauthorized Access: Beyond Software Vulnerabilities

    Computers and Networks: Attack and Defense
    Introduction
    Types of Doors
    Attacks on Availability
    Attacking Confidentiality: Hanging Out in the Neighborhood
    Attacks on Authentication
    Attacks on Integrity
    Multiplying, Eliminating, and Locking Doors
    Posting Guards
    Locking and Guarding Doors Is Hard and We Do a Poor Job
    Should ISPs Lock Doors and Check Credentials?

    Malware, Norms, and ISPs
    Introduction
    A Malware Definition
    The Malware Zoo
    Why End-User Defenses Are So Weak
    The "End-User-Located Antivirus" Norm
    Fire Prevention and Public Health
    Compare Malware
    Is Better Protection Worth Violating Network Neutrality?
    The Value Optimal Norm Solution

    Malware: Creating a Best Practices Norm
    Introduction
    Current Best Practices for ISP Malware Defense
    An Additional Wrinkle: The Definition of Malware Is Not Fully Settled
    Defining Comprehensive Best Practices
    Creating the Norm
    Norm Creation in Real Markets
    The End-to-End and Network Neutrality Principles
    Has Our Focus Been Too Narrow?
    Was Our Focus Too Narrow in Another Way?

    Tracking, Contracting, and Behavioral Advertising
    Introduction
    Behavioral Advertising and the Online Advertising Ecosystem
    How Websites Gain Information about You: Straightforward Methods
    Other Ways of Getting Your Online Information
    What Is Wrong with Behavioral Advertising?
    The Second-Order Contractual Norm
    How the Norm Arises in Ideal Markets
    Real Markets: How the Coordination Norm Arises
    The Lack of Consent to Pay-with-Data Exchanges

    From One-Sided Chicken to Value Optimal Norms
    Introduction
    Chicken with Cars
    The Pay-with-Data Game of One-Sided Chicken
    Norm Creation in Perfectly Competitive Markets
    Norm Creation in the Real Market
    Does Facebook Play One-Sided Chicken?
    Do-Not-Track Initiatives
    More "Buyer Power" Approaches to Norm Generation
    Two Versions of the Best Practices Statute Approach
    Prisoner’s Dilemma
    The Need for Trust
    If We Fail to Create Norms
    The Big Data Future

    Index

    Notes, References, and Further Reading appear at the end of each chapter.

    Biography

    Robert H. Sloan is a professor and head of the Department of Computer Science of the University of Illinois at Chicago. He has published extensively in the areas of computer security, theoretical computer science, and artificial intelligence. He received a PhD in computer science from the Massachusetts Institute of Technology. Richard Warner is a professor and Norman and Edna Freehling scholar at the Illinois Institute of Technology Chicago-Kent College of Law, where he is the faculty director of the Center for Law and Computers. He is the director of the School of American Law, which has branches in Poland, Ukraine, and Georgia; editor-in-chief of Emerging Markets: A Review of Business and Legal Issues; and a member of the US Secret Service's Electronic and Financial Crimes Taskforce. He received a PhD in philosophy from the University of California, Berkeley, and a JD from the University of Southern California. His research interests include privacy, security, contracts, and the nature of values and their relation to action.

    "… a guide through the thicket of contradictions and trade-offs in this area. … The well-written collection of 12 chapters starts with the basics of computing, networking, and data mining, and proceeds through systems vulnerabilities, attacks, and defenses, all within the perspectives of costs (economy), law, social engineering, and public policy. … Highly recommended."
    —J Beidler, University of Scranton, in CHOICE Magazine, April 2014

    "Sloan and Warner’s new book comprehensively analyzes consumer privacy and security from a game theoretic viewpoint. Their approach crisply explains both consumer and firm behavior and offers useful predictions for where market or regulatory approaches are needed for consumer protection."
    —Chris Jay Hoofnagle, Lecturer in Residence, UC Berkeley Law

    "The success of this book is in making non-technical readers think about the situation we are in and the hard choices that we are left with."
    —Sithu D. Sudarsan, in Computing Reviews

    "… the writing style increases the accessibility of the content and enhances its appeal to a broader readership, including graduate students, postgraduate students, and informed lay readers. … Fortunately, this book was written by experts with a deep knowledge and understanding of the field, who present complex issues in a refreshingly straightforward manner. … will stimulate the thinking of students at all levels, especially those in computer science and engineering courses focusing on ethical and professional issues."
    —Barry Blundell, in Computing Reviews